1. Technical Field
The present invention relates to storage technology for management of saved data in a computer system, and relates in particular to rekeying technology for modifying key data used in data encryption and decryption.
2. Related Art
Conventional computer systems that include a host computer system and a storage system connected via a network have used two formats for the data encryption/decryption process: a format in which the encryption/decryption process is carried out on the host computer system end, and a format in which it is carried out on the storage system end. Where encryption/decryption is carried out on the host computer system end, the data is encrypted before it reaches the storage system over the network, so this format is more advantageous in terms of security against leakage of information than the format in which the encryption/decryption process is carried out on the storage system end.
In some instances, rekeying, which involves modifying the key data used for encryption and decryption, is carried out for the purpose of improving security against leakage of information. JP-A-2005-303981 discloses technology for processing data access to a volume, while executing a cryptographic conversion process that uses new key data to re-encrypt data that was encrypted with old key data and that is stored in the volume.